CVE-2026-41363
Received Received - Intake
Path Traversal in OpenClaw Feishu Extension Enables Arbitrary File Access

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: VulnCheck

Description
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload_image operations to read arbitrary files outside configured localRoots boundaries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-41363
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw From 2026.2.6 (inc) to 2026.3.28 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-41363 is a path traversal vulnerability found in the Feishu extension's resolveUploadInput function of OpenClaw versions 2026.2.6 through 2026.3.24. This flaw allows attackers to bypass file-system sandbox restrictions by exploiting improper path resolution during upload_image operations.

Because of this vulnerability, attackers can read arbitrary files outside the configured localRoots boundaries, which are supposed to restrict file access to certain directories.

Impact Analysis

This vulnerability can allow an attacker with low privileges and no user interaction to read arbitrary files on the host system outside the intended sandbox directories.

Such unauthorized file reads can lead to a breach of confidentiality, exposing sensitive or private data stored on the system.

The attack requires network access and has a high attack complexity, but it does not affect data integrity or system availability.

Detection Guidance

Detection of CVE-2026-41363 involves identifying attempts to exploit the path traversal vulnerability in the Feishu extension's upload_image operation. Since the vulnerability allows reading arbitrary files outside the configured localRoots boundaries, monitoring for unusual file access patterns or suspicious upload_image requests that include path traversal sequences (e.g., ../) can help detect exploitation attempts.

Specific commands or tools are not detailed in the provided resources. However, general detection methods may include:

  • Reviewing application logs for upload_image requests containing path traversal patterns.
  • Using network monitoring tools to detect suspicious HTTP requests targeting the Feishu extension upload endpoints.
  • Employing file integrity monitoring to detect unauthorized file reads outside the localRoots sandbox.
Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.28 or later, where the vulnerability has been fixed by enforcing the localRoots sandbox on Feishu DOCX upload file reads.

Until the upgrade can be applied, consider restricting network access to the vulnerable Feishu extension upload endpoints to trusted users only, and monitor for suspicious upload_image activity that may indicate exploitation attempts.

Compliance Impact

CVE-2026-41363 allows attackers to read arbitrary files outside the intended sandbox, leading to unauthorized disclosure of potentially sensitive information.

Such unauthorized file access and data exfiltration could result in breaches of confidentiality, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive data.

Organizations using affected OpenClaw versions should consider this vulnerability a risk to data confidentiality and take appropriate remediation steps to maintain compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41363. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart